Youtube Lottery Email Scam (Mac)

Also Known As: possible malware infections
Type: Mac Virus
Distribution: Low
Damage level: Medium

How to remove "Youtube Lottery Email Scam" from Mac?

What is "Youtube Lottery Email Scam"?

"Youtube Lottery" Email Scam (Mac) is a scam that is designed to trick people into thinking that they have won some YouTube lottery. The main goal of this scam is to encourage recipients to send scammers their full names, addresses, mobile numbers and so on. However, they might be asking for other details as well. Since it is just a scam and YouTube company has nothing to do with, we recommend to ignore it. In other words, not to send scammers who designed it any details.

Youtube Lottery scam

The email is designed to look like it is an official notification from YouTube. Its recipients are encouraged to open the attachment ("YOUTUBE PAYMENT 2019.pdf" file) and to follow further instructions. As stated in the attachment, the person who received this email was selected as a major customer/user of YouTube and a winner of $970,000,000. It is stated that this lottery is promoted by International lottery and betting institution. Additionally, recipients are encouraged not to share information about this email with anyone, otherwise it might cause fraudulent claims by unauthorized people. To claim the prize recipients supposed to send their full names, current contact addresses and mobile numbers to claims@youtube-processing.icu. However, as we mentioned in our introduction, once contacted these scammers might be asking for more details. One way or another, their objective is to extract information and then to misuse it to generate revenue. In order to avoid any problems (like issues with privacy, browsing safety or even identity theft) we recommend not to trust this email.

There are many different scams, quite often they are designed to trick people into sending scammers money. Here are some examples: "CVE-2019-1663", "Placed a malware on the xxx streaming site" and "This account was recently infected". Additionally, there are scams that are designed to infect computers. Scammers send emails that contain malicious attachments. If opened, they download and install high-risk malware. Some examples of malicious programs that are proliferated through emails are: LokiBot, TrickBot, Emotet and AZORult. Typically, cyber criminals spread malware that is designed to steal personal details that could be used to generate revenue. They attempt to trick people into installing programs that steal information such as various logins, passwords, information about user's browsing habits and so on. Victims usually experience problems like data, financial loss, privacy isssues and so on. That is why emails of this type should not be trusted.

Threat Summary:
Name possible malware infections
Threat Type Phishing, Scam, Social Engineering, Fraud
Fake Claim Scammers claim that recipients won the YouTube lottery and ask to send them some personal information
Symptoms Unauthorized online purchases, changed online account passwords, identity theft, illegal access of one's computer.
Distribution methods Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains.
Damage Loss of sensitive private information, monetary loss, identity theft.
Removal

To eliminate possible malware infections our malware researchers recommend scanning your computer with Combo Cleaner.
▼ Download Combo Cleaner
Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Combo Cleaner.

How did potentially unwanted applications install on my computer?

Spam campaigns (emails) that are used to proliferate malicious programs can infect systems if the files attached to them are opened. Attachments in emails of this type usually are Microsoft Office documents, PDF documents, ZIP, RAR and other archive files, JavaScript files or executables (like .exe files). If left unopened, they cannot do any damage.

How to avoid installation of potentially unwanted applications?

There are various ways to spread malicious programs. To avoid having them installed, we recommend to be careful with suspicious emails. If an email is received from unknown, suspicious address, it contains some attachment or web link and is irrelevant, it should be ignored. All software should be downloaded from official websites, other sources like P2P (Peer-to-Peer) networks, unofficial pages, third party downloaders and so on, should not be trusted. Installed software has to be updated properly, using implemented tools (or functions) that are provided by official software developers. Furthermore, it is not safe to activate installed programs or operating system via third party activation tools. These are not legal and often are used to distribute malware (download and install malicious programs). Computers are safer if there is some reputable anti-virus or anti-spyware suite installed on them. Besides, it is important to scan systems for viruses regularly. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.

Text presented in the email:

Subject: CONGRATULATIONS! YOUTUBE LOTTERY WINNING NOTIFICATION.

YouTube Official Notification

YouTube - Board Members wishes to congratulate you.
Attached is your prize winning Notification letter for your payment.

Yours sincerely,

Eric Harman
Director YouTube Foundation

© 2019 YouTube LLC, San Bruno, California, United States

Screenshot of the text in the attached file ("YOUTUBE PAYMENT 2019.pdf"):

youtube lotttery email scam attachment

Text in this PDF document:

YouTube, LLC
Website:
www.youtube.com

We wish to congratulate you on this note for being selected as a major customer this year. This promotion was set-up to encourage the active users of YouTube search engine and the YouTube ancillary services and confirmed by our co-sponsors Visa*/MasterCard* International. YouTube earns its profit mainly from advertising and Views, social networking, YouTube video sharing.

We are delighted to inform you of the ONLINE MEGA GRANT 2019 DRAW held on May 2019: Due to mix up of names & numbers the result were released on MAY/19/2019. Your eMail ID attached to ticket number: 809976 with serial number: 9912 drew lucky numbers: 4-18-21-27-32-37 with bonus ball 45 which consequently won in the 3rd category.

Therefore, we present & approved you the winner of the sum of NINE HUNDRED & SEVENTY THOUSAND DOLLARS ($970,000,00USD). Congratulations!!! This online program was designed & promoted by US INTERNATIONAL LOTTERY & BETTING INSTITUTION ACROSS NATION.

To enable us proceed with your claims, this information must be kept away from public to avoid unwarranted abuse of the program or fraudulent claims by unauthorized person(s). We hereby, asked for the reconfirmation of your Full names, Current contact address and Mobile number along with your eMail ID for proper verification.

Contact & Forward the above listed details to your claims agent: Dr. Albert Osborne.

eMail: claims@youtube-processing.icu

YouTube values your right to privacy! Your information M 100% secured and will be used exclusively for the purpose of this grant only.

Congratulations from the Staff & Members of YouTube and YouTube Board. Sincerely,

Susan D. Wojcic1d
Chief Executive Officer of
YouTube.

©2019 YouTube LLC

All fight reserved. This email was sent from a notification email address. The information in this email is confidential and legally privileged. h is for the exclusive use of the intended recipient(s). Please consider the environment.

Instant automatic removal of possible malware infections: Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of possible malware infections. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Combo Cleaner.

Quick menu:

Video showing how to remove adware and browser hijackers from a Mac computer:

Potentially unwanted applications removal:

Remove potentially unwanted applications from your "Applications" folder:

mac browser hijacker removal from applications folder

Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.

Remove possible malware infections related files and folders:

Finder go to folder command

Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...

step1Check for adware-generated files in the /Library/LaunchAgents folder:

removing adware from launch agents folder step 1

In the Go to Folder... bar, type: /Library/LaunchAgents

removing adware from launch agents folder step 2
In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step2Check for adware generated files in the /Library/Application Support folder:

removing adware from application support folder step 1

In the Go to Folder... bar, type: /Library/Application Support

removing adware from application support folder step 2
In the “Application Support” folder, look for any recently-added suspicious folders. For example, “MplayerX” or “NicePlayer”, and move these folders to the Trash.

step3Check for adware-generated files in the ~/Library/LaunchAgents folder:

removing adware from ~launch agents folder step 1


In the Go to Folder bar, type: ~/Library/LaunchAgents

removing adware from ~launch agents folder step 2

In the “LaunchAgents” folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - “installmac.AppRemoval.plist”, “myppes.download.plist”, “mykotlerino.ltvbit.plist”, “kuklorest.update.plist”, etc. Adware commonly installs several files with the same string.

step4Check for adware-generated files in the /Library/LaunchDaemons folder:

removing adware from launch daemons folder step 1
In the Go to Folder... bar, type: /Library/LaunchDaemons

removing adware from launch daemons folder step 2
In the “LaunchDaemons” folder, look for recently-added suspicious files. For example “com.aoudad.net-preferences.plist”, “com.myppes.net-preferences.plist”, "com.kuklorest.net-preferences.plist”, “com.avickUpd.plist”, etc., and move them to the Trash.

step 5 Scan your Mac with Combo Cleaner:

If you have followed all the steps in the correct order you Mac should be clean of infections. To be sure your system is not infected run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file double click combocleaner.dmg installer, in the opened window drag and drop Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates it's virus definition database and click "Start Combo Scan" button.

scan-with-combo-cleaner-1

Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide, otherwise it's recommended to remove any found infections before continuing.

scan-with-combo-cleaner-2

After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.

possible malware infections removal from Internet browsers:

safari browser iconRemove malicious extensions from Safari:

Remove possible malware infections related Safari extensions:

safari browser preferences

Open Safari browser, from the menu bar, select "Safari" and click "Preferences...".

safari extensions window

In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.

firefox browser iconRemove malicious plug-ins from Mozilla Firefox:

Remove possible malware infections related Mozilla Firefox add-ons:

accessing mozilla firefox add-ons

Open your Mozilla Firefox browser. At the top right corner of the screen, click the "Open Menu" (three horizontal lines) button. From the opened menu, choose "Add-ons".

removing malicious add-ons from mozilla firefox

Choose the "Extensions" tab and look for any recently-installed suspicious add-ons. When located, click the "Remove" button next to it/them. Note that you can safely uninstall all extensions from your Mozilla Firefox browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.

chrome-browser-iconRemove malicious extensions from Google Chrome:

Remove possible malware infections related Google Chrome add-ons:

removing malicious google chrome extensions step 1

Open Google Chrome and click the "Chrome menu" (three horizontal lines) button located in the top-right corner of the browser window. From the drop-down menu, choose "More Tools" and select "Extensions".

removing malicious Google Chrome extensions step 2

In the "Extensions" window, look for any recently-installed suspicious add-ons. When located, click the "Trash" button next to it/them. Note that you can safely uninstall all extensions from your Google Chrome browser - none are crucial for normal browser operation.

  • If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.

Our malware removal guides are free. However, if you want to support us you can send us a donation.

Malware activity

Global virus and spyware activity level today:

Medium threat activity
Medium

Increased attack rate of infections detected within the last 24 hours.

QR Code
possible malware infections QR code
A QR code (Quick Response Code) is a machine-readable code which stores URLs and other information. This code can be read using a camera on a smartphone or a tablet. Scan this QR code to have an easy access removal guide of possible malware infections on your mobile device.
We Recommend:

Get rid of possible malware infections today:

▼ REMOVE IT NOW with Combo Cleaner for Mac

Platform: macOS

Editors' Rating for Combo Cleaner:
Outstanding!

[Back to Top]

Free scanner checks if your computer is infected. To remove malware, you have to purchase the full version of Combo Cleaner.